Total: 7818 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0636 | 1 Level Platforms | 1 Managed Workplace Service Center | 2023-12-10 | 5.0 MEDIUM | N/A |
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information. | |||||
CVE-2007-5011 | 1 Wilson Windowware | 1 Webbatch | 2023-12-10 | 5.0 MEDIUM | N/A |
webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | |||||
CVE-2007-5554 | 1 Oracle | 1 Database Server | 2023-12-10 | 7.1 HIGH | N/A |
Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-6161 | 1 Tilde | 1 Tilde Cms | 2023-12-10 | 5.0 MEDIUM | N/A |
index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. | |||||
CVE-2007-5774 | 1 Flatnuke3 | 1 Flatnuke3 | 2023-12-10 | 5.0 MEDIUM | N/A |
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | |||||
CVE-2007-5264 | 1 Battlefront | 1 Dropteam | 2023-12-10 | 5.0 MEDIUM | N/A |
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information. | |||||
CVE-2007-4688 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. | |||||
CVE-2008-0249 | 1 Phpwebquest | 1 Phpwebquest | 2023-12-10 | 5.0 MEDIUM | N/A |
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments. | |||||
CVE-2007-2022 | 2 Adobe, Opera | 2 Flash Player, Opera Browser | 2023-12-10 | 6.8 MEDIUM | N/A |
Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. | |||||
CVE-2007-6095 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2023-12-10 | 4.0 MEDIUM | N/A |
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users. | |||||
CVE-2007-3385 | 1 Apache | 1 Tomcat | 2023-12-10 | 4.3 MEDIUM | N/A |
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | |||||
CVE-2006-5858 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. | |||||
CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2023-12-10 | 5.0 MEDIUM | N/A |
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | |||||
CVE-2007-4861 | 1 Quirm | 1 Saxon | 2023-12-10 | 5.0 MEDIUM | N/A |
SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages. | |||||
CVE-2007-5196 | 1 Suse | 1 Suse Linux | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195. | |||||
CVE-2007-3850 | 2 Apple, Linux | 2 Powerpc, Linux Kernel | 2023-12-10 | 1.9 LOW | N/A |
The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. | |||||
CVE-2007-6408 | 1 Ibm | 1 Tivoli Provisioning Manager Express | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames. | |||||
CVE-2007-6512 | 1 Php | 1 Mysql Banner Exchange | 2023-12-10 | 5.0 MEDIUM | N/A |
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | |||||
CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2023-12-10 | 7.8 HIGH | N/A |
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
CVE-2007-3008 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. |